0f6eb42c73b7dac1ca64cf306fdfb97d220a2c1f4899a06946e767fda27fcc6d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f6eb42c73b7dac1ca64cf306fdfb97d220a2c1f4899a06946e767fda27fcc6d
Size

45KB
MD5

9361f13250a2f89d6a8ccd64795b4220
SHA1

2d9477bfa64c41bf814b604668433c01c4734c96
SHA256

0f6eb42c73b7dac1ca64cf306fdfb97d220a2c1f4899a06946e767fda27fcc6d
SHA512

3ed16343829247b0fb5a045f98f647c940e84ab62f2b5ea167463a7cdeea0651cd5f73c0457f8a0d5531dad0c25c20ac908c015613b1b12e88a66da49f7272be
SSDEEP

768:PrVXOi3RfCZHV8HSx9GxuZ+nQ0D2hd8ANCdwnxq2:PpOcfCZHVMSx9GxuZ+nQ0D2hdgGxX

Score

N/A

Malware Config

Signatures

Files

0f6eb42c73b7dac1ca64cf306fdfb97d220a2c1f4899a06946e767fda27fcc6d
.exe windows x86

0cc84c3b0e426a5fcbd9b90e9bf69792

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeDelayExecutionThread
ZwClose
ZwCreateKey
wcslen
swprintf
RtlInitUnicodeString
wcscat
wcscpy
MmIsAddressValid
ZwUnmapViewOfSection
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
ExAllocatePoolWithTag
KeInitializeTimer
IofCompleteRequest
RtlAnsiStringToUnicodeString
PsSetCreateProcessNotifyRoutine
PsGetVersion
_wcslwr
wcsncpy
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
_snprintf
ExFreePool
ZwQuerySystemInformation
ZwMapViewOfSection
ZwCreateSection
MmGetSystemRoutineAddress
IoRegisterDriverReinitialization
strncmp
IoGetCurrentProcess
_wcsnicmp

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 928B - Virtual size: 900B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 704B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ